Air Force Aims to ‘Rewrite Laws of Cyberspace’

The Air Force is fed up with a seemingly endless barrage of attacks on its computer networks from stealthy adversaries whose motives and even locations are unclear. So now the service is looking to restore its advantage on the virtual battlefield by doing nothing less than rewriting the "laws of cyberspace."

It’s more than a little ironic that the U.S. military, which had so much to do with the creation and early development of the internet, finds itself at its mercy. But as the American armed forces become increasingly reliant on their communications networks, even small, obscure holes in the defense grid are seen as having catastrophic potential.

Trouble is that even a founding father can’t unilaterally change things that the entirety of the internet ecosystem now depends on. "You can control your own networks, rewrite your own laws," says Rick Wesson, CEO of the network security firm Support Intelligence. "You can’t rewrite everybody else’s."

But the Air Force Research Laboratory’s "Integrated Cyber Defense" program, announced earlier this month, is part of a larger military effort to accomplish just that. "The ‘laws’ of cyberspace can be rewritten, and therefore the domain can be modified at any level to favor defensive forces," announces the project’s request for proposals. Some of the rewrites being considered:

At the moment, though, online aggressors have the edge on the military’s network protectors, the Air Force says.

"Defensive operations are constantly playing ‘catch up’ to an ever-increasing onslaught of attacks that seem to always stay one step ahead," says the Air Force Research Laboratory’s "Integrated Cyber Defense" request for proposals. "In order to tip the balance in favor of the defender, we must develop a strategic approach to cyber defense that transcends the day to day reactive operations."

"[M]ost threats should be made irrelevant by eliminating vulnerabilities beforehand by either moving them ‘out of band’ (i.e., making them technically or physically inaccessible to the adversary), or ‘designing them out’ completely," the request for proposals adds.

"Can we create a cyberspace with different rules?" asks Paul Ratazzi, a technical advisor at the AFRL’s Information Directorate. "Let’s challenge those fundamental assumptions on how these things work, and see if there’s a better way."

For instance, it’s extraordinarily difficult to find the hacker behind a cyberattack today. Network traffic can be run through dozens of different proxies and anonymizers; "botnets" of enslaved computers can be controlled from the other side of the world; millions of PCs spew out malicious data without their owners ever catching on. AFRL would like to see a way to change existing network protocols, to make it easier to trace and locate the source of an online threat.

Or perhaps today’s protocols can be tailored, to make military networks "technically or physically inaccessible" to malicious traffic. "We’ll start with blue," says Information Directorate chief Donald Hanson, using the military term for friendly forces. "If you’re not blue, you can’t come in."

Hanson is also interested in finding ways to dodge electronic attacks, rather than figure out new ways to stop them, or lock them out. "A lot of our [defenses] up to now have been about defeating an attack," he says. "We’d rather avoid it altogether." Digital radios communicate today by "frequency-hopping" — jumping across multiple bands of the spectrum. Perhaps the Air Force’s online traffic could do something similar.

There are some network precedents for the idea, Wesson explains. So-called "honeypot" servers are used to lure in hackers with fake targets to attack. But the hackers are often aware which IP addresses are really honeypots. So hosted servers are used to mask those addresses — and, with a secure network "tunnel," run the traffic back to the honeypots. "If you can do that with honeypots, you can do it with all kinds of other things," Wesson says.

Hanson refused to comment on that technique. But Ross Stapleton-Gray, with the Packet Clearing House research group, isn’t sure cyberstrikes can be avoided, really. "The way networks work, it’s always going to be easier for a nimble attacker than a nimble defender," he says. "There’s always a scarcity of bandwidth — somewhere. There are always chokepoints — somewhere."